Can't seem to get rid of it, it reappears after I end the process and I never use internet explorer. I have all logs except GMER. I saved it in safe mode but I can't find it now.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5698
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
2/8/2011 2:54:19 AM
mbam-log-2011-02-08 (02-54-19).txt
Scan type: Quick scan
Objects scanned: 162636
Time elapsed: 8 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS Log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by thomas at 15:37:50.64 on Tue 02/08/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1789.886 [GMT -6:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\thomas\Downloads\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HypreCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hyprecam toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [SpybotDeletingB4741] command.com /c del "c:\windows\system32\sdra64.exe"
dRunOnce: [SpybotDeletingD1233] cmd.exe /c del "c:\windows\system32\lowsec\local.ds"
dRunOnce: [SpybotDeletingB6748] command.com /c del "c:\windows\system32\lowsec\user.ds"
StartupFolder: c:\users\thomas\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\thomas\desktop\virus removal tool\setup_9.0.0.722_07.02.2011_14-06\startup.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {19F91908-F9CD-4876-9EAE-AD6F4C6BAB59} - hxxp://www.sunzio.com/global/SunFolderAx.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\thomas\appdata\roaming\mozilla\firefox\profiles\b06iw1a1.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\thomas\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 73164542;73164542 Boot Guard Driver;c:\windows\system32\drivers\73164542.sys [2011-2-7 37392]
R1 73164541;73164541;c:\windows\system32\drivers\73164541.sys [2011-2-7 128016]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-7-26 20384]
R1 setup_9.0.0.722_07.02.2011_14-06drv;setup_9.0.0.722_07.02.2011_14-06drv;c:\windows\system32\drivers\7316454.sys [2011-2-7 311312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-8 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-8 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-8 61960]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-1-6 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-1-6 616816]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-26 954368]
S3 spvads;SoundPlane Audio Device (S);c:\windows\system32\drivers\spvads.sys [2010-11-19 48128]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-1-6 16240]
=============== Created Last 30 ================
2011-02-08 10:00:23 -------- d-----w- c:\users\thomas\appdata\roaming\Avira
2011-02-08 09:54:15 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-08 09:54:10 -------- d-----w- c:\program files\Avira
2011-02-08 09:54:10 -------- d-----w- c:\progra~2\Avira
2011-02-08 07:30:01 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0717ed3a-0d5c-40f7-847b-25d8f301426d}\mpengine.dll
2011-02-07 21:28:42 37392 ----a-w- c:\windows\system32\drivers\73164542.sys
2011-02-07 21:28:42 311312 ----a-w- c:\windows\system32\drivers\7316454.sys
2011-02-07 21:28:42 128016 ----a-w- c:\windows\system32\drivers\73164541.sys
2011-02-07 20:12:03 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-02-07 20:12:03 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-02-07 20:12:03 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-02-07 20:12:03 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-02-07 20:12:03 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-02-07 20:12:00 -------- d-----w- c:\users\thomas\appdata\roaming\Simply Super Software
2011-02-07 20:12:00 -------- d-----w- c:\program files\Trojan Remover
2011-02-07 20:12:00 -------- d-----w- c:\progra~2\Simply Super Software
2011-02-06 23:38:43 -------- d-----w- c:\program files\CCleaner
2011-02-03 18:36:13 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-29 21:54:22 -------- d-----w- c:\program files\iPod
2011-01-12 15:00:22 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 15:00:21 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 15:00:21 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 15:00:21 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 15:00:21 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 15:00:21 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 15:00:18 1169408 ----a-w- c:\windows\system32\sdclt.exe
==================== Find3M ====================
2011-02-08 19:44:56 246823695 ----a-w- c:\windows\DUMP6b40.tmp
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 00:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-08-17 08:18:39 30720 --sha-w- c:\windows\system32\hemudapa.exe
============= FINISH: 15:46:57.78 ===============
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5698
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
2/8/2011 2:54:19 AM
mbam-log-2011-02-08 (02-54-19).txt
Scan type: Quick scan
Objects scanned: 162636
Time elapsed: 8 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS Log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by thomas at 15:37:50.64 on Tue 02/08/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1789.886 [GMT -6:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\thomas\Downloads\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HypreCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hyprecam toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [SpybotDeletingB4741] command.com /c del "c:\windows\system32\sdra64.exe"
dRunOnce: [SpybotDeletingD1233] cmd.exe /c del "c:\windows\system32\lowsec\local.ds"
dRunOnce: [SpybotDeletingB6748] command.com /c del "c:\windows\system32\lowsec\user.ds"
StartupFolder: c:\users\thomas\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\thomas\desktop\virus removal tool\setup_9.0.0.722_07.02.2011_14-06\startup.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {19F91908-F9CD-4876-9EAE-AD6F4C6BAB59} - hxxp://www.sunzio.com/global/SunFolderAx.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\thomas\appdata\roaming\mozilla\firefox\profiles\b06iw1a1.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\thomas\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 73164542;73164542 Boot Guard Driver;c:\windows\system32\drivers\73164542.sys [2011-2-7 37392]
R1 73164541;73164541;c:\windows\system32\drivers\73164541.sys [2011-2-7 128016]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-7-26 20384]
R1 setup_9.0.0.722_07.02.2011_14-06drv;setup_9.0.0.722_07.02.2011_14-06drv;c:\windows\system32\drivers\7316454.sys [2011-2-7 311312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-8 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-8 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-8 61960]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-1-6 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-1-6 616816]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-26 954368]
S3 spvads;SoundPlane Audio Device (S);c:\windows\system32\drivers\spvads.sys [2010-11-19 48128]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-1-6 16240]
=============== Created Last 30 ================
2011-02-08 10:00:23 -------- d-----w- c:\users\thomas\appdata\roaming\Avira
2011-02-08 09:54:15 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-08 09:54:10 -------- d-----w- c:\program files\Avira
2011-02-08 09:54:10 -------- d-----w- c:\progra~2\Avira
2011-02-08 07:30:01 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0717ed3a-0d5c-40f7-847b-25d8f301426d}\mpengine.dll
2011-02-07 21:28:42 37392 ----a-w- c:\windows\system32\drivers\73164542.sys
2011-02-07 21:28:42 311312 ----a-w- c:\windows\system32\drivers\7316454.sys
2011-02-07 21:28:42 128016 ----a-w- c:\windows\system32\drivers\73164541.sys
2011-02-07 20:12:03 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-02-07 20:12:03 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-02-07 20:12:03 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-02-07 20:12:03 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-02-07 20:12:03 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-02-07 20:12:00 -------- d-----w- c:\users\thomas\appdata\roaming\Simply Super Software
2011-02-07 20:12:00 -------- d-----w- c:\program files\Trojan Remover
2011-02-07 20:12:00 -------- d-----w- c:\progra~2\Simply Super Software
2011-02-06 23:38:43 -------- d-----w- c:\program files\CCleaner
2011-02-03 18:36:13 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-29 21:54:22 -------- d-----w- c:\program files\iPod
2011-01-12 15:00:22 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 15:00:21 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 15:00:21 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 15:00:21 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 15:00:21 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 15:00:21 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 15:00:18 1169408 ----a-w- c:\windows\system32\sdclt.exe
==================== Find3M ====================
2011-02-08 19:44:56 246823695 ----a-w- c:\windows\DUMP6b40.tmp
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-13 00:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-08-17 08:18:39 30720 --sha-w- c:\windows\system32\hemudapa.exe
============= FINISH: 15:46:57.78 ===============